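# Walkthrough: install Apache Tomcat 9.0.22 under /opt/tomcat, run it as an
# unprivileged "tomcat" user, open the manager app to remote addresses and
# start it at boot through a SysV init script.
# Meant to be pasted step by step into a shell on a Debian/Ubuntu-style host.

# go to your home dir and download it
cd ~
wget http://apache.cs.utah.edu/tomcat/tomcat-9/v9.0.22/bin/apache-tomcat-9.0.22.tar.gz

# NOTE(review): the download is plain HTTP from a mirror, so nothing
# authenticates the archive. Print its SHA-512 and compare it with the .sha512
# value Apache publishes for this release before unpacking.
sha512sum apache-tomcat-9.0.22.tar.gz

tar xzvf apache-tomcat-9.0.22.tar.gz

# make destination dir (-p: no error if it already exists)
sudo mkdir -p /opt/tomcat

# move unpackaged dir from home to /opt
sudo mv ~/apache-tomcat-9.0.22 /opt/tomcat/

# create symlink to current so we only use /opt/tomcat/current in the future
sudo ln -s /opt/tomcat/apache-tomcat-9.0.22/ /opt/tomcat/current

# create a user who can't log in
sudo adduser --no-create-home --disabled-login tomcat

# change ownership to user tomcat
# (recursive is capital -R; chown rejects the lowercase -r)
sudo chown -R tomcat:tomcat /opt/tomcat/

# show me how it looks
ls -la /opt/tomcat

# become root
sudo su

# become tomcat
su tomcat

# go to config dir
cd /opt/tomcat/current/conf

# replace the users file with the template below; the quoted 'EOF' keeps the
# shell from expanding anything inside it
# NOTE(review): this single account holds every manager and admin role. The
# Tomcat manager documentation advises against giving a manager-gui user the
# manager-script or manager-jmx roles; consider separate accounts per role.
cat > /opt/tomcat/current/conf/tomcat-users.xml <<'EOF'
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="manager-jmx"/>
  <role rolename="admin-gui"/>
  <role rolename="admin-script"/>
  <user username="admin" password="YOUR_PASSWORD_HERE" roles="manager-gui,manager-script,manager-jmx,admin-gui,admin-script"/>
</tomcat-users>
EOF

# open the file and replace YOUR_PASSWORD_HERE with your own password
# (press ENTER if warned that you have no home directory as user tomcat)
nano /opt/tomcat/current/conf/tomcat-users.xml

# Allow connections from another IP:
# NOTE(review): allow="^.*$" admits every source address. Narrowing the pattern
# to the admin workstation or subnet is the safer choice, e.g.
# allow="203\.0\.113\.\d+" (constructed example address).
# NOTE(review): Tomcat normally reads context descriptors from
# conf/Catalina/localhost/<app>.xml or the app's META-INF/context.xml; confirm
# that a manager.xml placed under webapps/host-manager/ is actually picked up.
cat > /opt/tomcat/current/webapps/host-manager/manager.xml <<'EOF'
<Context privileged="true" antiResourceLocking="false"
         docBase="${catalina.home}/webapps/manager">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
</Context>
EOF

# take a look at your context.xml
cat /opt/tomcat/current/webapps/manager/META-INF/context.xml

# run this line to insert a rule to allow connections from other IPs.
# It swaps the loopback-only allow pattern for one that matches any IPv4
# address; the same narrowing advice as above applies here.
sed -i 's/allow="127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1"/allow="\\d+\\.\\d+\\.\\d+\\.\\d+"/g' /opt/tomcat/current/webapps/manager/META-INF/context.xml

# take a look at your context.xml again
cat /opt/tomcat/current/webapps/manager/META-INF/context.xml

# exit from being user tomcat
exit

# you should now be ROOT again, or the user who can run sudo

# Create a startup script. It does a /bin/su tomcat (to run things as user tomcat)
sudo tee /etc/init.d/tomcat > /dev/null <<'EOF'
#!/bin/bash
### BEGIN INIT INFO
# Provides:          tomcat9
# Required-Start:    $network
# Required-Stop:     $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start/Stop Tomcat server
### END INIT INFO

PATH=/sbin:/bin:/usr/sbin:/usr/bin

start() {
    cd /opt/tomcat/current/bin/
    /bin/su tomcat /opt/tomcat/current/bin/startup.sh
}

stop() {
    /bin/su tomcat /opt/tomcat/current/bin/shutdown.sh
}

restart() {
    stop
    start
}

case $1 in
    start|stop|restart) "$1" ;;
    *) echo "Run as $0 <start|stop|restart>"; exit 1 ;;
esac
EOF

# make it executable
sudo chmod u+x /etc/init.d/tomcat

# add it to auto-start
sudo update-rc.d tomcat defaults

# check that tomcat is NOT running
ps aux | grep tomcat | grep -v grep

# Restart server to see that Tomcat starts automatically:
# restart the server to test the auto-start
sudo shutdown -r now

# once the server is started, check that tomcat is running
ps aux | grep tomcat | grep -v grep

# tail the log file
sudo tail -F /opt/tomcat/current/logs/catalina.out

# next go to the /manager web console and log in as admin / your pass
#   http://your-ip-here:8080/manager
# NOTE(review): as set up on this page the console is reached over plain HTTP
# on port 8080, so the admin password crosses the network unencrypted; reaching
# it through an SSH tunnel or a TLS connector avoids that.
# and Undeploy the /docs, and the /examples apps.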